Bug 49734 - conflicts between bind and ipchains
conflicts between bind and ipchains
Product: Red Hat Linux
Classification: Retired
Component: bind (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2001-07-23 12:28 EDT by Need Real Name
Modified: 2007-04-18 12:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-09-18 13:29:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-07-23 12:28:57 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-7.0.1 i586)

Description of problem:
I have a RH 7.1 box with a Bind DNS server and ipchains. After booting the
machine Bind don't serve any DNS query.
I tryed to run: "/etc/init.d/named restart" to see if named had died,
but this does not resolve the problem. But if I run:
/etc/init.d/ipchains stop
/etc/init.d/named restart
/etc/init.d/ipchains start

Then the server begins to resolve the DNS querys of the rest
of the network. I don't think it a error with my ipchain configuration,
because after those 3 command the ipchains are active and named
serves the names without problem.

How reproducible:

Steps to Reproduce:
1. Reboot the DNS server
2. Ask some PC in the network to do a query to the DNS server

Actual Results:  The client don't get any answer and try next DNS server in

Expected Results:  The client get the answer (quickly)

Additional info:

The ipchains -L command on the DNS server returns:
NOTE: the name of the DNS server is dac.escet.urjc.es

[root@dac /root]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------        any ->  
ACCEPT     udp  ------        any ->  
ACCEPT     udp  ------  dac.escet.urjc.es    anywhere              domain
->   any
ACCEPT     udp  ------  gsyc.escet.urjc.es   anywhere              domain
->   any
REJECT     tcp  -y----  anywhere             anywhere              any ->  
REJECT     udp  ------  anywhere             anywhere              any ->  
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
Comment 1 Karsten Hopp 2002-07-16 08:58:05 EDT
DNS lookups can be tcp, too. Please add tcp rules for the 2. and 3. rule above.

Note You need to log in before you can comment on or make changes to this bug.